Consent guidelines for pay-ins
You need to inform your users and gain their consent in your payment authorisation flow.
If you are not regulated for payment initiation services under PSD2 in the UK or EU, then you must display some additional information in your payment journey. This page sets out what you need to include in your flow for either payments or mandates.
For all of the information on this page, for either payments or mandates, be aware of the following points:
- All mandatory information you need to include in your flow is clearly identified by the word must.
- The wording can be added in any format, but must remain clear and visible to your customers.
- Your payment journeys require approval by TrueLayer before you can test in production and go live.
- Your payment journeys must not be changed without TrueLayer’s prior approval.
- TrueLayer will help you create the best experience for your customers, so contact us if you need it.
If you need approval for a new payment journey, or for a change to an existing one, raise a ticket with our Client Operations team. Include a copy of your customer's payment journey, ensuring it covers the end user's consent and the payment confirmation.
Pay-in journey and consent
There are two parts to developing an authorisation flow for payments where your user gives informed consent:
- Your user consents to TrueLayer initiating a payment on their behalf: Pre-consent.
- You provide information to your user after payment initiation: Post-consent.
Example payment journey
This example payment journey meets the information and consent requirements both before and after the user gives consent, while also having a great user experience. We recommend you use a similar approach for your flow (although you can meet the requirements with a different design).
In this example, the Confirm payment screen fulfils the consent requirements before payment initiation. The Payment submitted screen fulfils the requirements after payment initiation.
Pre-consent requirements for pay-ins
Before they create a payment with their bank, the user must consent to TrueLayer initiating a payment on their behalf. This consent must cover the four requirements detailed in this section. In the example payment journey above, these are fulfilled by the Confirm payment screen.
When you need to collect user consent depends on the authorisation flow:
- For a redirect authorisation flow, these requirements must be met before you redirect the user to their bank's app or website.
- For an embedded authorisation flow, these requirements must be met before your flow asks the user for any of the bank’s additional inputs.
1. Payee account name
You must always clearly state the payee to be credited through the payment.
Our suggested wording is:
You are paying {insert payee name}.
2. Amount and currency
You must always clearly state the amount and currency of the payment.
3. Confirm button
You must only allow the user to proceed with the payment if they provide active confirmation that they want to pay the amount shown to the payee account name shown.
4. End-user terms of service and privacy policy
You must include the following wording on your payment user interface:
By continuing you are permitting TrueLayer to initiate a payment from your bank account. You also agree to our Terms of Service and Privacy Policy.
The Terms of Service and Privacy Policy links differ depending on whether the payment is made in the UK or the EU, and on the user's language.
UK, in English:
- Terms of Service: https://truelayer.com/enduser_tos
- Privacy Policy: https://truelayer.com/privacy
EU, in English:
- Terms of Service: https://truelayer.com/en-ie/enduser_tos
- Privacy Policy: https://truelayer.com/en-ie/privacy
EU, in German:
- Terms of Service: https://truelayer.com/de-de/rechtliche-hinweise/nutzungsbedingungen-fur-endbenutzer
- Privacy Policy: https://truelayer.com/de-de/rechtliche-hinweise/datenschutzerklarung/
EU, in Spanish:
- Terms of Service: https://truelayer.com/es-es/legal/condiciones-del-servicio-para-el-usuario-final/
- Privacy Policy: https://truelayer.com/es-es/legal/aviso-de-privacidad/
EU, in French:
- Terms of Service: https://truelayer.com/fr-fr/legal/conditions-generales-dutilisation/
- Privacy Policy: https://truelayer.com/fr-fr/legal/politique-de-confidentialite/
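The four pre-consent requirements above are usually met by a single Confirm payment screen, and the security-relevant point is that the confirmation must be tied to exactly the payee, amount and currency the user saw: the details that reach payment initiation must be the ones the user agreed to, not values altered between the screen and the initiation request. The following is an added example of one way to enforce that in Python; it is not TrueLayer's code or part of its API. The HMAC-signed consent token, its 10-minute lifetime and the function names are assumptions made for illustration; only the wording and the Terms/Privacy links are taken from the page.

```python
"""Added example (not TrueLayer's code): bind the user's active confirmation to the
payee, amount and currency shown on the Confirm payment screen, so that the payment
initiated after confirmation cannot differ from what the user consented to.
The token format, HMAC key handling and CONSENT_TTL_SECONDS are assumptions."""
import base64
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

# Terms of Service / Privacy Policy links quoted from the page, keyed by (region, language).
LEGAL_LINKS = {
    ("UK", "en"): ("https://truelayer.com/enduser_tos",
                   "https://truelayer.com/privacy"),
    ("EU", "en"): ("https://truelayer.com/en-ie/enduser_tos",
                   "https://truelayer.com/en-ie/privacy"),
    ("EU", "de"): ("https://truelayer.com/de-de/rechtliche-hinweise/nutzungsbedingungen-fur-endbenutzer",
                   "https://truelayer.com/de-de/rechtliche-hinweise/datenschutzerklarung/"),
    ("EU", "es"): ("https://truelayer.com/es-es/legal/condiciones-del-servicio-para-el-usuario-final/",
                   "https://truelayer.com/es-es/legal/aviso-de-privacidad/"),
    ("EU", "fr"): ("https://truelayer.com/fr-fr/legal/conditions-generales-dutilisation/",
                   "https://truelayer.com/fr-fr/legal/politique-de-confidentialite/"),
}

CONSENT_WORDING = (
    "By continuing you are permitting TrueLayer to initiate a payment from your "
    "bank account. You also agree to our Terms of Service and Privacy Policy."
)

CONSENT_TTL_SECONDS = 600  # assumed: how long a rendered Confirm screen stays valid


class ConsentError(Exception):
    """Raised when a confirmation cannot be tied to the details the user was shown."""


@dataclass(frozen=True)
class ConsentScreen:
    payee_line: str    # "You are paying {payee}" (requirement 1)
    amount_line: str   # "{amount} {currency}"   (requirement 2)
    wording: str       # mandatory wording        (requirement 4)
    tos_url: str
    privacy_url: str
    token: str         # opaque value the Confirm button posts back (requirement 3)


def _sign(payload: bytes, key: bytes) -> str:
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def render_consent_screen(payee_name, amount, currency, region, language, key, now=None):
    """Build the Confirm payment screen plus a token binding it to the shown details."""
    if (region, language) not in LEGAL_LINKS:
        raise ConsentError(f"no Terms/Privacy links for {region}/{language}")
    tos_url, privacy_url = LEGAL_LINKS[(region, language)]
    claims = {
        "payee": payee_name,
        "amount": amount,  # decimal string in major units, e.g. "12.50"
        "currency": currency,
        "nonce": secrets.token_hex(8),
        "iat": int(now if now is not None else time.time()),
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    # urlsafe base64 never contains '.', so it is a safe separator before the hex MAC.
    token = base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload, key)
    return ConsentScreen(f"You are paying {payee_name}", f"{amount} {currency}",
                         CONSENT_WORDING, tos_url, privacy_url, token)


def authorise_initiation(token, confirmed, payee_name, amount, currency, key, now=None):
    """Return the details to initiate, only if the user actively confirmed exactly the
    payee, amount and currency that were on the screen the token was issued for."""
    if confirmed is not True:
        raise ConsentError("no active confirmation from the user")
    try:
        b64, sig = token.split(".", 1)
        payload = base64.urlsafe_b64decode(b64)
    except (ValueError, TypeError) as exc:
        raise ConsentError("malformed consent token") from exc
    if not hmac.compare_digest(_sign(payload, key), sig):
        raise ConsentError("consent token signature invalid")
    claims = json.loads(payload)
    if (now if now is not None else time.time()) - claims["iat"] > CONSENT_TTL_SECONDS:
        raise ConsentError("consent screen expired; show it again")
    shown = (claims["payee"], claims["amount"], claims["currency"])
    if shown != (payee_name, amount, currency):
        raise ConsentError(f"payment {(payee_name, amount, currency)} differs from consented {shown}")
    return {"payee": payee_name, "amount": amount, "currency": currency}


def initiation_allowed(token, confirmed, payee_name, amount, currency, key, now=None) -> bool:
    """True if authorise_initiation would proceed, False if it rejects."""
    try:
        authorise_initiation(token, confirmed, payee_name, amount, currency, key, now)
        return True
    except ConsentError:
        return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    screen = render_consent_screen("Example Store Ltd", "12.50", "GBP", "UK", "en", key)
    print(screen.payee_line, "|", screen.amount_line, "|", screen.tos_url)
    print(authorise_initiation(screen.token, True, "Example Store Ltd", "12.50", "GBP", key))
    print(initiation_allowed(screen.token, True, "Example Store Ltd", "120.50", "GBP", key))
```

The key is server-side secret material, so the token is tamper-evident: a changed amount, payee or currency in the initiation request no longer matches the signed claims and the payment is refused. For an embedded flow, call `authorise_initiation` before asking the bank for any additional inputs; for a redirect flow, call it before building the redirect.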
(Optional) Explain Signup+ data sharing
If your integration uses Signup+ to collect user information in the UK, you need to include extra wording that explains what data the user will share and how. Our suggested wording for a screen explaining data sharing through Signup+ is:
Data you’re sharing
We’ll send the bank details from your payment to our partner, Equifax, who’ll return the following information to verify your identity on {Merchant}:
- Full name
- Home address
- Date of birth
This is a ‘soft search’ so it won’t affect your credit score.
Post-consent requirements for pay-ins
After the user has authorised the payment with their banking provider, you must confirm to the user that the payment was successfully initiated. If the payment fails, you must inform the user of that instead. In either case you must also provide the transaction details set out below.
In the example payment journey above, these three requirements are satisfied by the Payment submitted screen.
1. Confirmation of payment initiation
At a minimum, you must confirm that the payment has been successfully initiated with the end user’s banking provider, or that the payment has failed.
2. Amount and currency
You must always clearly state the amount and currency of the payment that was initiated.
3. Payment reference
You must state a payment reference, enabling the payer to identify the payment transaction and, where appropriate, information relating to the payee.
Alternative methods for confirmation of payment initiation
Our recommended approach for confirming payment initiation is a Payment submitted screen. However, you may prefer other approaches for your payment journey, such as:
- Emailing or texting this information to the end user.
- Providing a link to allow an end user to download a PDF of the information.
- Having the information accessible for the end user to view on your app.
Note that whichever approach you take to meet the payment and consent flow requirements, TrueLayer needs visibility of the payment journey before you test in production.
Simply create a ticket to reach our Client Operations team, including a copy of your customer’s payment journey. This forms a part of our regulatory compliance approval process.